In 2020, the pandemic was a radical turning point in the way we work. Office workers were forced to give up their commute and work from home. People from a whole range of industry sectors had to embrace technology, video conferencing and new communicat…Read More 2021 will be the year of hybrid working: How can CTOs keep staff secure and productive?
Enterprise third-party risk management (TPRM) programs have been around for a half-decade or longer, and at this point most large organizations run one. However, many of these TPRM programs only provide a thin veneer of cybersecurity assurance. Recent …Read More Third-party risk management programs still largely a checkbox exercise
On Feb 5th, 2021, a hacker gained remote access to a water treatment plant in Oldsmar, Florida, and was able to adjust the amount of sodium hydroxide in the water from 100 parts per million to 11,100. Thanks to the physical fail-safes and alarm systems…Read More U.S. municipalities are the perfect target for cybercriminals in 2021
When a major news event happens, cyber criminals will take advantage of the incident and send phishing emails with a subject line related to the event. These phishing emails often include a link to malicious websites, an infected attachment or are a s…Read More Major News Events
A majority of businesses surveyed for a study by the Economist Intelligence Unit (EIU) and the Cybersecurity Tech Accord, see state-led and sponsored cyberattacks as a major threat. They are concerned about catastrophic reputational and financial conse…Read More Most businesses see state-sponsored cyberattacks as a major threat
For public health officials, contact tracing remains critical to managing the spread of the coronavirus — particularly as it appears that variants of the virus could be more transmissible. The need for widespread contact tracing at the start of t…Read More Researchers propose more secure and private mobile contact tracing
Each February, the United States, Canada, the United Kingdom and other countries observe Black History Month. It’s a month-long celebration of the generations of black people who have elevated society by the way in which they’ve lived their lives. It’s…Read More Black History Month: Diversity in Cybersecurity Is More Important than Technology
The digitalization of services and expansion of remote working has heightened the number of off-premises users accessing cloud-based resources from their mobile device. In this configuration, each mobile device represents a point of entry for hackers, …Read More Whitepaper – EDR to secure mobile devices: Coverage, limits & recommendations
SecurityHQ launch their new mobile app, SecurityHQ Response. Cyber never sleeps. Survival demands agility and response demands collaboration, visibility, and action. Which is why SecurityHQ is now part of the few MSSPs that offers an app for clients to…Read More SecurityHQ Response: A mobile app that tracks the status of security incidents at any time
Entrust announced Adaptive Issuance Visitor Management as a Service (VMaaS), a cloud-based solution to enable a more modern, trusted approach to enterprise visitor management and security. As organizations begin to plan an eventual return to offices, t…Read More Entrust VMaaS solution offers a secure, compliant and contemporary approach to visitor management
Tenable launched Tenable.ep, all-in-one, risk-based vulnerability management platform designed to scale as dynamic compute requirements change. Tenable.ep combines the company’s products — Tenable.io Vulnerability Management, Tenable.io Web Application…Read More Tenable launches an all-in-one, risk-based vulnerability management platform
FireEye, Microsoft, CrowdStrike Offer New Details and RecommendationsThe CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a series of cybersecurity recommendations to a U.S. Senate panel Tuesday while detailing how foreign actors gaine…Read More Senators Grill Cybersecurity Execs on SolarWinds Attack
PlusOne Solutions launched its open Application Programming Interface (API) for Customers looking to create a unified method for managing their Service Network (Contractors) compliance data and compliance programs. The PlusOne Solutions API allows for …Read More PlusOne Solutions API ensures a whole view of the network’s compliance and risk information
Sequitur Labs announced new packages for the EmSPARK Security Suite that allows manufacturers to secure embedded designs for industrial, consumer, smart home and health care applications quickly and painlessly. The EmSPARK Security Suite Base package p…Read More Sequitur Labs EmSPARK Security Suite provides essential security defenses for IoT applications
Hillstone Networks announces a breakthrough for data center security with the Hillstone Networks X8180. Customers can secure their networks with even more performance and greater energy efficiency while achieving high reliability, scalability and adapt…Read More Hillstone Networks X8180 secures networks with more performance and energy efficiency
ZEDEDA announced an integration with Microsoft Azure IoT services that provides customers with full lifecycle management capabilities (edge hardware, OS, Azure IoT Edge Runtime, Azure IoT Edge modules and additional apps), single-click bulk provisionin…Read More ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities
BBVA and Google Cloud announced a new strategic partnership to transform the bank’s security strategy by optimizing and improving its security infrastructure. As part of this global agreement, BBVA will collaborate with Google Cloud in the development …Read More BBVA partners with Google Cloud to improve security infrastructure for financial services
Vietnam-backed hacking group APT32 has coordinated several spyware attacks targeting Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. […]Read More APT32 state hackers target human rights defenders with spyware
IBM announced availability of Red Hat software on IBM Power Systems as well as new IBM Power Systems hardware. These announcements further expand IBM Systems’s commitment to help clients modernize by empowering them with the latest technology fro…Read More Red Hat software now supported on IBM Power Virtual servers
Top execs from FireEye, SolarWinds, Microsoft, and CrowdStrike testified before the US Senate Intelligence Committee today on the aftermath – and ongoing investigations – into the epic attacks.Read More SolarWinds Attackers Lurked for ‘Several Months’ in FireEye’s Network
Origin Wireless announced it has closed its recent financing round and raised a total of $14 million from key investors and partners including Verizon Ventures and Alarm.com. Prior to closing, Origin achieved key milestones as a high-tech startup, incl…Read More Origin Wireless raises $14M to advance commercialization of WiFi sensing technology
ScienceLogic announced that it has raised $105 million in growth financing. Silver Lake Waterman led the company’s Series E round with participation from existing investors Goldman Sachs, Intel Capital and NewView Capital. The investment will support t…Read More ScienceLogic raises $105M to support the company’s continued innovation in the AIOps market
FundGuard announced that it has closed a $12 million Series A funding round. The financing is being led by Team8 and existing investors Blumberg Capital and LionBird Ventures. New investors participating in this Series A round include banking and asset…Read More FundGuard closes $12M funding round to enter new markets and grow the executive team
Vulnerability Could Remotely Shut Down MachinesThe Python Software Foundation is issuing updates for Python 3.9.2 and 3.8.8 to address critical security vulnerabilities, including a remote code execution vulnerability that can be exploited to shut down…Read More Python Software Rushes to Tackle RCE Vulnerability
Keysight Technologies announced it has completed the acquisition of Sanjole. As 5G technology evolves and deployments of private 5G networks scale, customers benefit from an integrated solution that enables them to troubleshoot issues in complex commun…Read More Keysight Technologies acquires Sanjole to deliver a comprehensive 5G solutions portfolio
Fusion Risk Management announced it has recorded several significant client wins among multinational and global investment banks to start the calendar year as the company continues to expand its footprint in the financial services sector. More than 20 …Read More Fusion Risk Management continues to expand its footprint in the financial services sector
Aviatrix announced that James Devine, formerly from AWS, has joined the company as a Principal Solutions Architect. While at AWS, Devine co-authored the AWS Certified Advanced Networking Study Guide and played an active role in defining cloud reference…Read More James Devine joins Aviatrix as a Principal Solutions Architect
Google has brought the FPS (Frames Per Second), or frame rate, reading back to the Google Chrome FPS meter after users were upset about its removal. […]Read More Google Chrome rolls back FPS Meter changes after user complaints
Google has brought the FPS (Frames Per Second), or frame rate, reading back to the Google Chrome FPS meter after users were upset about its removal. […]Read More Google Chrome’s FPS meter shows frame rate again after complaints
Business jet manufacture Bombardier says it has suffered a “limited cybersecurity breach” through Accellion’s FTA file transfer application.
The post Bombardier latest victim of Accellion FTA-related data theft first appeared on IT World Canada.
Also on Krebs’ radar: the cyber-response to COVID-19 and intelligence-sharing between private and public sectors.Read More Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform. VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform, tracked as CVE-2021-21972, that could be exploited by attackers to potentially take control of affected systems. vCenter Server is the centralized […]
The post VMware addresses a critical RCE issue in vCenter Server appeared first on Security Affairs.Read More VMware addresses a critical RCE issue in vCenter Server
Called Serious Threat, But Has Yet to Take Malicious ActionA previously undetected malware variant has infected almost 30,000 Apple Macs. So far, however, researchers have not seen the code, called Silver Sparrow, deliver any malicious payloads to thes…Read More Silver Sparrow Malware Infects 30,000 Macs
Protecting the U.S. power grid from serious outages, like the one following a 2021 winter storm in Texas, will require a better use of data analytics, modeling and policy making says industry expert.Read More Texas power outage: Data analytics, modeling and policy making will be key to preventing similar disasters
Rob Robinson, client partner in utilities practice for Capgemini, talks with TechRepublic about what the catastrophic outages in Texas should teach us about predicting threats to U.S. the power grid.Read More Texas power outage highlights need for better use of data analytics, modeling and policy making
DDoS, SQL injection, and man-in-the-middle are just a few of the attacks that can compromise your network. Tom Merritt lists five things to know about network attacks.Read More Top 5 things to know about network attacks
DDoS, SQL injection and man-in-the-middle are just a few of the attacks that can compromise your network. Tom Merritt lists five things to know about network attacks.Read More Network attacks: 5 things to know
The latest patches, for its SMA 100 series products, comes less than three weeks after an updates to patch a zero-day vulnerability.Read More SonicWall Releases Second Set of February Firmware Patches
The WinAmp Community Update Project (WACUP ) has released Preview version 22.214.171.12470 with many fixes and improvements for the Winamp media player. […]Read More New WACUP release fixes a massive number of Winamp bugs
Twitter removed dozens of accounts allegedly used by Russia-linked threat actors to disseminate disinformation and target western countries. Twitter has removed dozens of accounts used by Russia-linked threat actors that were used to disseminate disinformation and to target the European Union, the United States, and the NATO alliance. Experts believe the accounts were part of […]
The post Twitter removes 100 accounts linked to Russia disseminating disinformation appeared first on Security Affairs.Read More Twitter removes 100 accounts linked to Russia disseminating disinformation
NurseryCam suspends service across 40 daycare centers until a security fix is in place.Read More Daycare Webcam Service Exposes 12,000 User Accounts
The two campaigns aimed to steal victims’ business email account credentials by posing as the shipping companies.Read More 10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express
A critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code.Read More IBM Squashes Critical Remote Code-Execution Flaw
VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems. […]Read More VMware fixes critical RCE bug in all default vCenter installs
Finnish IT services giant TietoEVRY has suffered a ransomware attack that forced them to disconnect clients’ services. […]Read More Finnish IT services giant TietoEVRY discloses ransomware attack
LinkedIn is inaccessible for both web and mobile users around the world in what appears to be an outage. […]Read More LinkedIn is down for many, and we are not sure why
These eight online courses teach the fundamentals you need to pass various IT and cybersecurity certification exams from Cisco and CompTIA.Read More Ace your cybersecurity and IT certification exams by taking these prep courses
US imprisons college comptroller who faked refunds to steal over a quarter of a million dollarsRead More Louisiana College Cyber-Thief Sentenced
Between the mass move to working from home and working online, there is ample evidence to suggest that learning to program is both a lucrative career move and a fascinating essential skill. Coding is a skill that can take your career new places or j…Read More This AI And Coding Course Will Change Your Career Forever
Twitter has removed dozens of accounts connected to Russian government-backed actors disseminating disinformation and targeting the European Union, the United States, and the NATO alliance. […]Read More Twitter removes accounts of Russian government-backed actors
Twitter has removed dozens of accounts connected to Russian government-backed threat actors disseminating disinformation and targeting the European Union, the United States, and the NATO alliance. […]Read More Twitter removes accounts of Russian govt-backed threat actors
Trend Micro found and blocked more than 62.6 billion cyber-threats last yearRead More 119k Threats Per Minute Detected in 2020
SentinelOne named official cybersecurity partner of Aston Martin Cognizant F1 TeamRead More Aston Martin Partners with SentinelOne
The extended support includes more than 130 devices.
The post Samsung devices to receive four years of security updates, one more than Pixel phones first appeared on IT World Canada.
The incident raises concerns about the privacy and security of conversations taking place on the platform
The post Clubhouse chats streamed to third‑party website appeared first on WeLiveSecurity
Ontario’s Lakehead University and B.C.’s Simon Fraser University continue investigations after suffering cyberattacks this month.
The post Ontario’s Lakehead University hopes to resume classes this week after cyberattack first appeared on IT World Cana…
IBM has released security patches to address high- and medium-severity vulnerabilities impacting some of its enterprise solutions. IBM has released security updates to address several high- and medium-severity flaws affecting some of its enterprise products, including IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise. Two issues, tracked as CVE-2020-14782 and […]
The post IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS appeared first on Security Affairs.Read More IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS
Microsoft listed as a Representative Vendor in the 2020 Market Guide for Insider Risk Management Solutions. Insider Risk Management is used worldwide to identify and manage insider risks, while maintaining employee privacy.Read More Microsoft listed as a Representative Vendor in 2020 Gartner Market Guide for Insider Risk Management Solutions
Google is adding support for the Password Checkup service to Android applications through the passwords autofill feature to warn users if their saved passwords have been compromised or leaked in data breaches. […]Read More Google adds Password Checkup support to Android autofill
Posted by Arvind Kumar Sugumar, Software Engineer, Android Team(Note: We’ve updated this post to reflect that the API works by collecting 3.25 bytes of the hashed username)With the proliferation of digital services in our lives, it’s more important tha…Read More New Password Checkup Feature Coming to Android
A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attac…Read More Finnish IT Giant Hit with Ransomware Cyberattack
The data theft and extortion of Accellion FTA customers suggests three groups may be working together, or at the very least, two of them may be the same
The post FireEye researchers spot patterns in Accellion FTA attacks first appeared on IT World Canada.
There are premises outside of economic implications that draw attention to the importance of Automated Patch Management processes. Keeping systems well informed about the newly-released patches is no longer just a recommendation. It’s a necessity. As d…Read More Understanding the Automated Patch Management Process
It’s a bit like Snapchat all over again – but this bug was quickly fixed.Read More Keybase secure messaging fixes photo-leaking bug – patch now!
Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted. As a result, they do not require external batteries, and can remain in operation indefinitely.Read More Checkout Skimmers Powered by Chip Cards
Didja see? Samsung’s pledging a full four years of support for security updates on its Galaxy-branded Android phones. Well, shiver me timbers: That sure is somethin’!Samsung slapped the news down onto these here internerfs of ours Monday morning, an…Read More Two big buts about Samsung’s Android security update announcement
When siloed functions unite in the face of cyberthreats, organizations can continue, uninterrupted, along their paths to digital transformation.Read More Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
I live full-time two hours north of Toronto in the Haliburton area. I’ve had my Starlink internet for roughly one week, and here’s what I’ve learned.
The post Starlink internet in Canada: A remote worker’s experience so far first appeared on IT World C…
Mozilla Firefox 86 was released today with Total Cookie Protection, a new privacy feature that prevents web trackers from keeping tabs on your activity while browsing the web. […]Read More Firefox 86 gets a privacy boost with Total Cookie Protection
93% of orgs that experienced attacks admitted at least one was successfulRead More 84% of CNI Orgs Experienced Cyber-Attacks in the Last Year
In this blog, we’ll look at four infrastructure choices – SaaS, IaaS and PaaS – and the importance of having the right workloads in the right place for the right reason.
The post Why workload placement is critical to a successful digital transformation…
The venerable system has served us well but is now outdated. Not that it’s time to throw the system away — use it as a framework to measure risk using modern, context-based methods.Read More CVSS as a Framework, Not a Score
This is the seventh entry in this blog series on using Java Cryptography securely. Starting from theﾂ?basicsﾂ?we began diving deeper into various basic cryptographic primitives such as Cryptographically Secure Random Number Generator, symmetric & asymm…Read More Message Authentication Code (MAC) Using Java
With the shift to remote learning, schools are facing greater security risks and smaller financial margins, says BlueVoyant.Read More How cyberattacks can threaten colleges and universities
Microsoft has slashed support from 10 years to just five for Windows 10 LTSC, the version the company once pitched to enterprises as the OS that foreswore constant updating.In a Feb. 18 post to a Microsoft blog, Joe Lurie, senior product marketing m…Read More Microsoft slashes Windows 10 long-term support by half
Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express – but that really steal their credentials.Read More 10K Microsoft Email Users Hit in FedEx Phishing Attack
The National Security and Defense Council (NSDC) of Ukraine is accusing threat actors located on Russia networks of performing DDoS attacks on Ukrainian government websites since February 18th. […]Read More Ukraine: DDoS attacks on govt sites originated from Russia
ACC survey finds cybersecurity has overtaken compliance as most important business issue, according to chief legal officersRead More In-House Legal Teams Increasingly Responsible for Cybersecurity
EDR (Endpoint Detection and Response) should be an essential part of any great cybersecurity strategy. Endpoint security is critical for any company since, only in 2019, “70% of successful breaches originated on the endpoint.” Moreover, “Today’s busine…Read More State-of-the-Art Cybersecurity Strategies: Essential Microsoft EDR Tools
Apple plans something old and something new in the refreshed MacBook Pro it’s expected to introduce in the latter half of 2021. What’s new includes M-series processors, while old returnees allegedly include MagSafe and an SD card reader.Interest is …Read More Something new, something old in Apple’s 2021 MacBook Pro upgrade
A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed.
The research was undertaken by Moh…
Hyperconverged Infrastructure (HCI) has been around for some time, but it is now being used by many mainstream enterprise data centers. It blends the elements of a traditional three-tier architecture (compute, storage and networking) into a single s…Read More BrandPost: Why Hyperconverged Infrastructure Can Mean Hyper-reduced Lifetime Costs
Hyperconverged Infrastructure (HCI) has been around for some time, but it is now being used by many mainstream enterprise data centers. It blends the elements of a traditional three-tier architecture (compute, storage and networking) into a single s…Read More BrandPost: Why Hyperconverged Infrastructure Reduces Lifetime Costs
How have the types of attacks and their targets changed in the past year?Read More Experts Discuss How #COVID19 Impacted the Cyber-Threat Landscape
Mandiant/FireEye researchers have tentatively linked the Accellion FTA zero-day attacks to FIN11, a cybercrime group leveraging CLOP ransomware to extort targeted organizations. Accellion has also confirmed on Monday that “out of approximately 30…Read More Accellion FTA attacks, extortion attempts might be the work of FIN11
Read More Dependency Confusion: Another Supply-Chain Vulnerability
Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create a final app.
This app can be offered to the company’s customers or can be used internally at the company as an employee tool.
But some of these apps can also contain proprietary or highly-sensitive code, depending on their nature. For these apps, companies will often use private libraries that they store inside a private (internal) package repository, hosted inside the company’s own network…
Scammers may be going downmarket to target consumersRead More Think Tank Warns of “Silent Stealing” Fraud
Incident prompts fears for latest Silicon Valley craze’s ability to guarantee users’ security and privacyClubhouse, the audio-chatroom app that has emerged as the latest craze to consume Silicon Valley, has shut down a site that was rebroadcasting the …Read More Clubhouse chatroom app closes down site rebroadcasting content
This edition of the ISMG Security Report features an analysis of the impact of a hacking campaign linked to Russia’s Sandworm that targeted companies using Centreon IT monitoring software. Also featured: a discussion of CIAM trends; a critique of Bloom…Read More Analysis: Russia’s Sandworm Hacking Campaign
Cybercrime group linked to theft and extortionRead More FireEye: Accellion FTA Attacks Could be FIN11
A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about.
Unfortunately, within a single day, businesses worldwide had to face such a reality. Thei…
Our survey of 1,172 IT professionals finds that demand for some IT skills is strong but the pandemic has influenced the rate of hiring and roles that are being prioritized.Read More IT Salary Survey 2021: Hiring rate expected to increase but priorities will shift
The shock of the killing of George Floyd and other Black people in 2020 got Americans talking again about racial disparities — and companies talking again about improving diversity and inclusion. With Black History Month now winding down, there’s ev…Read More Where to find and recruit Black tech pros
On Monday, cybersecurity researchers connected a series of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to a data breach and extortion campaign orchestrated by the UNC2546 cybercrime group. Threat actors ta…Read More Accellion Attackers Stole Data and Breached Companies Running FTA Servers
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents.
Called “Shadow attacks” by academics from Ruhr-…
A CCTV service designed to let parents remotely watch their children playing at nursery has suffered a data breach after it disputed concerns about its security.Read More NurseryCam suffers data breach after security concerns raised
Cybersecurity Tech Accord calls for closer government engagementRead More Most Firms Now Fear Nation State Attack
Researchers discover 30,000 Apple Macs have been infected with mysterious malware, Trudeau and Biden are set to meet virtually today, and we find out why Youtube has been blocking chess videos.
The post Hashtag Trending, Feb. 23 , 2021 – Apple Mac mal…